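/// <summary>
/// Handles the "reset password by code" form: checks the code the user submitted and,
/// when it is valid, renders the reset-password form pre-filled with a password reset token.
/// </summary>
/// <param name="formModel">Posted form carrying the account e-mail and the verification code.</param>
/// <returns>
/// The <c>customers/forgot_password_code</c> view with an error on any failure,
/// otherwise the <c>customers/reset_password</c> view.
/// </returns>
/// <remarks>
/// An unknown e-mail and a wrong or expired code produce the same error, so the response
/// does not reveal whether an account exists for the submitted address.
/// </remarks>
public async Task<ActionResult> ResetPasswordByCode(ResetPasswordByCodeModel formModel)
{
    const string codeFormView = "customers/forgot_password_code";

    TryValidateModel(formModel);

    // Reassign the passed form to the current context to allow user post it again as hidden fields in the form
    WorkContext.Form = Form.FromObject(formModel);

    if (!ModelState.IsValid)
    {
        return View(codeFormView, WorkContext);
    }

    // The code flow is only available when reset notifications are delivered by phone.
    if (!_options.ResetPasswordNotificationGateway.EqualsInvariant("Phone"))
    {
        WorkContext.Form.Errors.Add(SecurityErrorDescriber.ResetPasswordIsTurnedOff());
        return View(codeFormView, WorkContext);
    }

    var user = await _signInManager.UserManager.FindByEmailAsync(formModel.Email);

    // A missing account is reported exactly like a bad code: a distinct "operation failed"
    // message here would let a caller test which e-mail addresses are registered.
    // NOTE(review): the unknown-account path still skips token verification, so response
    // time may differ between the two cases - confirm whether that matters here.
    var isValidToken = user != null
        && await _signInManager.UserManager.VerifyUserTokenAsync(
            user, TokenOptions.DefaultPhoneProvider, "ResetPassword", formModel.Code);

    if (!isValidToken)
    {
        // NOTE(review): nothing in this method counts or limits failed code attempts;
        // confirm that lockout or request throttling is enforced elsewhere.
        WorkContext.Form.Errors.Add(SecurityErrorDescriber.InvalidToken());
        return View(codeFormView, WorkContext);
    }

    // The code is valid: issue a password reset token and hand it to the reset form.
    var token = await _signInManager.UserManager.GeneratePasswordResetTokenAsync(user);
    WorkContext.Form = Form.FromObject(new ResetPassword
    {
        Token = token,
        Email = user.Email,
        UserName = user.UserName
    });

    return View("customers/reset_password", WorkContext);
}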
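/// <summary>
/// Handles the "reset password by code" form: checks the code the user submitted and,
/// when it is valid, renders the reset-password form pre-filled with a password reset token.
/// </summary>
/// <param name="formModel">Posted form carrying the account e-mail and the verification code.</param>
/// <returns>
/// The <c>customers/forgot_password_code</c> view with a model error on any failure,
/// otherwise the <c>customers/reset_password</c> view.
/// </returns>
/// <remarks>
/// An unknown e-mail and a wrong or expired code produce the same model error, so the
/// response does not reveal whether an account exists for the submitted address.
/// </remarks>
public async Task<ActionResult> ResetPasswordByCode(ResetPasswordByCodeModel formModel)
{
    const string codeFormView = "customers/forgot_password_code";

    TryValidateModel(formModel);

    // Reassign the passed form to the current context to allow user post it again as hidden fields in the form
    WorkContext.Form = formModel;

    if (!ModelState.IsValid)
    {
        return View(codeFormView, WorkContext);
    }

    // The code flow is only available when reset notifications are delivered by phone.
    if (!_options.ResetPasswordNotificationGateway.EqualsInvariant("Phone"))
    {
        ModelState.AddModelError("form", "Reset password by code is turned off.");
        return View(codeFormView, WorkContext);
    }

    var user = await _signInManager.UserManager.FindByEmailAsync(formModel.Email);

    // A missing account is reported exactly like a bad code: a distinct "Operation failed"
    // message here would let a caller test which e-mail addresses are registered.
    // NOTE(review): the unknown-account path still skips token verification, so response
    // time may differ between the two cases - confirm whether that matters here.
    var isValidToken = user != null
        && await _signInManager.UserManager.VerifyUserTokenAsync(
            user, TokenOptions.DefaultPhoneProvider, "ResetPassword", formModel.Code);

    if (!isValidToken)
    {
        // NOTE(review): nothing in this method counts or limits failed code attempts;
        // confirm that lockout or request throttling is enforced elsewhere.
        ModelState.AddModelError("form", "Reset password token is invalid or expired");
        return View(codeFormView, WorkContext);
    }

    // The code is valid: issue a password reset token and hand it to the reset form.
    var token = await _signInManager.UserManager.GeneratePasswordResetTokenAsync(user);
    WorkContext.Form = new ResetPassword
    {
        Token = token,
        Email = user.Email,
        UserName = user.UserName
    };

    return View("customers/reset_password", WorkContext);
}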